From 531dee31fd4b29653b2da452eeec7d3b83642ad4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 27 May 2021 11:14:29 +0200
Subject: [PATCH] Fix securekey

---
 htdocs/public/payment/newpayment.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index 287f9a576db..38732d3825f 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -254,11 +254,15 @@ $parameters = [
 $reshook = $hookmanager->executeHooks('doValidatePayment', $parameters, $object, $action);
 
 // Check security token
+$tmpsource = $source;
+if ($tmpsource == 'membersubscription') {
+	$tmpsource = 'member';
+}
 $valid = true;
 if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
 	if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
-		if ($source && $REF) {
-			$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
+		if ($tmpsource && $REF) {
+			$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
 		} else {
 			$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
 		}
@@ -770,7 +774,7 @@ $replacemainarea = (empty($conf->dol_hide_leftmenu) ? '<div>' : '').'<div>';
 llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody', $replacemainarea);
 
 // Check link validity
-if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', ''))) {
+if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', 'donation_ref', ''))) {
 	$langs->load("errors");
 	dol_print_error_email('BADREFINPAYMENTFORM', $langs->trans("ErrorBadLinkSourceSetButBadValueForRef", $source, $ref));
 	// End of page